CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
95.5%
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Vendor | Product | Version | CPE |
---|---|---|---|
gnupg | gnupg | * | cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:* |
fedoraproject | fedora | 13 | cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* |
debian | debian_linux | 5.0 | cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html
lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
secunia.com/advisories/38877
secunia.com/advisories/40718
secunia.com/advisories/40841
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008
wiki.rpath.com/wiki/Advisories:rPSA-2010-0076
www.debian.org/security/2010/dsa-2076
www.mandriva.com/security/advisories?name=MDVSA-2010:143
www.securityfocus.com/bid/41945
www.securitytracker.com/id?1024247
www.vupen.com/english/advisories/2010/1931
www.vupen.com/english/advisories/2010/1950
www.vupen.com/english/advisories/2010/1988
www.vupen.com/english/advisories/2010/2217
www.vupen.com/english/advisories/2010/3125
issues.rpath.com/browse/RPL-3229
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
95.5%